martking
just joined
Topic Author
Posts: 17
Joined: Mon Apr 03, 2017 8:54 pm

Dynamic IPsec Script

Sun Feb 24, 2019 11:53 pm

Hi All

Please see my Dynamic IPsec script below. This is a customisation of other people's scripts. The tunnel ID is what you have written in the comment section. I hope you find it useful.




:local Remoteaddr "urlofremote"
:local TunID "in comment section of peer and policy"

#####DONT EDIT BELOW####################################

# Resolve the remote peer's DNS name to its current IP address
:local newremoteaddr [:resolve $Remoteaddr]
:log info "Reverse Lookup Succeeded for $TunID"
# Read the address currently set on the policy whose comment is the tunnel ID
:local oldremoteaddr [/ip ipsec policy get [find comment="$TunID"] sa-dst-address]
:log info "Old Remote address is $oldremoteaddr"

# Update the policy and the peer only when the resolved address has changed
:if ($newremoteaddr != $oldremoteaddr) do={
    /ip ipsec policy set [find comment="$TunID"] sa-dst-address=$newremoteaddr
    /ip ipsec peer set [find comment="$TunID"] address=$newremoteaddr
    :log error "changed Sa-Dst-Address & Peer Address for $TunID Restarting IPSec"
    # Flushes every installed SA (not only this tunnel's) so they renegotiate
    /ip ipsec installed-sa flush
} else={
    :log warning "IP Address is still $oldremoteaddr nothing to do"
}
 
Jotne
Forum Guru
Posts: 3300
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Dynamic IPsec Script

Mon Feb 25, 2019 8:17 am

I do not think you need this script, just use address=urlofremote instead of address=ip
 
martking
just joined
Topic Author
Posts: 17
Joined: Mon Apr 03, 2017 8:54 pm

Re: Dynamic IPsec Script

Mon Feb 25, 2019 8:24 pm

> I do not think you need this script, just use address=urlofremote instead of address=ip

Whilst you are correct that I can use the URL of the remote site in the IPsec peer configuration, unfortunately the SA Dst Address has to be an IP address and you are unable to use a URL.
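
A variant of the script discussed in this thread, as an added example that is not the original poster's code: it leaves the configuration untouched when the DNS lookup fails, and refuses a resolved address outside an expected prefix, so a wrong or spoofed DNS answer cannot repoint the tunnel endpoint. The host name, tunnel ID and allowed prefix are assumed placeholders, and the prefix check only suits peers whose address stays within a known range.

```routeros
# Added example. Assumed placeholders: vpn.example.net, "site-b",
# and the allowed prefix 203.0.113.0/24 (documentation range).
:local remoteHost "vpn.example.net"
:local tunID "site-b"
:local allowedNet 203.0.113.0/24

# Resolve inside :do/on-error so a DNS failure is logged instead of
# aborting the script with an unhandled error.
:local newAddr
:do {
    :set newAddr [:resolve $remoteHost]
} on-error={
    :log warning "ipsec $tunID: cannot resolve $remoteHost, configuration left unchanged"
}

# Continue only if the lookup produced an IP address.
:if ([:typeof $newAddr] = "ip") do={
    :if ($newAddr in $allowedNet) do={
        :local changed false
        # Walk every policy tagged with the tunnel ID, so more than one
        # matching policy does not make "get" fail.
        :foreach p in=[/ip ipsec policy find comment=$tunID] do={
            :if ([/ip ipsec policy get $p sa-dst-address] != $newAddr) do={
                /ip ipsec policy set $p sa-dst-address=$newAddr
                :set changed true
            }
        }
        :if ($changed) do={
            /ip ipsec peer set [find comment=$tunID] address=$newAddr
            :log warning "ipsec $tunID: peer and policy moved to $newAddr, flushing SAs"
            # As in the original script, this flushes all installed SAs.
            /ip ipsec installed-sa flush
        }
    } else={
        :log error "ipsec $tunID: $remoteHost resolved to $newAddr outside $allowedNet, not applied"
    }
}
```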
